Attacks that use patching processes and software updates have evolved a long way from the simple fake "flash update" exploits.
Today attackers are focusing on exploiting software and service providers as a means to reach their targets. That means the activity that would normally expose a malicious actor, such as DDoS attacks, failed logins, and port scans, happens on a network you don't monitor.
As these attackers find more creative ways to get into your organization, it becomes more important to detect their actions and limit their ability to move laterally on your network.
Recent attacks have even targeted patching processes and software updates, leveraging the very means by which organizations protect themselves against potential threats. It's no wonder that organizations are moving more toward a "zero trust" model. Any blind spot becomes a potentially vulnerable attack surface. Infiltrating the target organization by compromising something or someone further down the chain is often an attractive attack vector. And the logical reaction to this type of unknown is to trust nothing — but that mindset is not practical or sustainable. So, how do we adopt a zero-trust strategy without completely stagnating our business and hamstringing innovation? By accepting the inevitable and prioritizing accordingly.